7.8
HIGH CVSS 3.1
CVE-2024-57951
Linux Kernel hrtimers CPU State Handling Vulnerability
Description

In the Linux kernel, the following vulnerability has been resolved:

hrtimers: Handle CPU state correctly on hotplug

Consider a scenario where a CPU transitions from CPUHP_ONLINE to halfway through a CPU hotunplug down to CPUHP_HRTIMERS_PREPARE, and then back to CPUHP_ONLINE:

Since hrtimers_prepare_cpu() does not run, cpu_base.hres_active remains set to 1 throughout. However, during a CPU unplug operation, the tick and the clockevents are shut down at CPUHP_AP_TICK_DYING. On return to the online state, for instance CFS incorrectly assumes that the hrtick is already active, and the chance of the clockevent device to transition to oneshot mode is also lost forever for the CPU, unless it goes back to a lower state than CPUHP_HRTIMERS_PREPARE once.

This round-trip reveals another issue; cpu_base.online is not set to 1 after the transition, which appears as a WARN_ON_ONCE in enqueue_hrtimer().

Aside of that, the bulk of the per CPU state is not reset either, which means there are dangling pointers in the worst case.

Address this by adding a corresponding startup() callback, which resets the stale per CPU state and sets the online flag.

[ tglx: Make the new callback unconditionally available, remove the online modification in the prepare() callback and clear the remaining state in the starting callback instead of the prepare callback ]

INFO

Published Date: Feb. 12, 2025, 2:15 p.m.

Last Modified: Feb. 14, 2025, 3:57 p.m.

Remotely Exploitable: No

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Products

The following products are affected by the CVE-2024-57951 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and display CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 HIGH [email protected]
Solution
Update the Linux kernel to fix issues with CPU state handling during hotplug events.
  • Update the Linux kernel to the latest version.
  • Apply the provided patch for hrtimers CPU state handling.
  • Verify CPU hotplug functionality after the update.
  • Test hrtimer operations post-remediation.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-57951 is associated with the following CWEs:

The following table lists the changes that have been made to the CVE-2024-57951 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Feb. 14, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Added CWE NIST CWE-416
    Added CPE Configuration OR
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.19.302 up to (excluding) 4.20
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.264 up to (excluding) 5.4.290
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.204 up to (excluding) 5.10.234
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.143 up to (excluding) 5.15.177
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.68 up to (excluding) 6.1.127
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.7 up to (excluding) 6.6.74
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.11
      *cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
      *cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*
      *cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*
      *cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*
      *cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*
      *cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*
      *cpe:2.3:o:linux:linux_kernel:6.13:rc7:*:*:*:*:*:*
    Changed Reference Type https://git.kernel.org/stable/c/14984139f1f2768883332965db566ef26db609e7 No Types Assigned https://git.kernel.org/stable/c/14984139f1f2768883332965db566ef26db609e7 Patch
    Changed Reference Type https://git.kernel.org/stable/c/15b453db41d36184cf0ccc21e7df624014ab6a1a No Types Assigned https://git.kernel.org/stable/c/15b453db41d36184cf0ccc21e7df624014ab6a1a Patch
    Changed Reference Type https://git.kernel.org/stable/c/2f8dea1692eef2b7ba6a256246ed82c365fdc686 No Types Assigned https://git.kernel.org/stable/c/2f8dea1692eef2b7ba6a256246ed82c365fdc686 Patch
    Changed Reference Type https://git.kernel.org/stable/c/38492f6ee883c7b1d33338bf531a62cff69b4b28 No Types Assigned https://git.kernel.org/stable/c/38492f6ee883c7b1d33338bf531a62cff69b4b28 Patch
    Changed Reference Type https://git.kernel.org/stable/c/3d41dbf82e10c44e53ea602398ab002baec27e75 No Types Assigned https://git.kernel.org/stable/c/3d41dbf82e10c44e53ea602398ab002baec27e75 Patch
    Changed Reference Type https://git.kernel.org/stable/c/95e4f62df23f4df1ce6ef897d44b8e23c260921a No Types Assigned https://git.kernel.org/stable/c/95e4f62df23f4df1ce6ef897d44b8e23c260921a Patch
    Changed Reference Type https://git.kernel.org/stable/c/a5cbbea145b400e40540c34816d16d36e0374fbc No Types Assigned https://git.kernel.org/stable/c/a5cbbea145b400e40540c34816d16d36e0374fbc Patch
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Feb. 12, 2025

    Action Type Old Value New Value
    Added Description (identical to the text in the Description section above)
    Added Reference https://git.kernel.org/stable/c/14984139f1f2768883332965db566ef26db609e7
    Added Reference https://git.kernel.org/stable/c/15b453db41d36184cf0ccc21e7df624014ab6a1a
    Added Reference https://git.kernel.org/stable/c/2f8dea1692eef2b7ba6a256246ed82c365fdc686
    Added Reference https://git.kernel.org/stable/c/38492f6ee883c7b1d33338bf531a62cff69b4b28
    Added Reference https://git.kernel.org/stable/c/3d41dbf82e10c44e53ea602398ab002baec27e75
    Added Reference https://git.kernel.org/stable/c/95e4f62df23f4df1ce6ef897d44b8e23c260921a
    Added Reference https://git.kernel.org/stable/c/a5cbbea145b400e40540c34816d16d36e0374fbc
Vulnerability Scoring Details
Base CVSS Score: 7.8
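Vector (NIST): AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High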